A vulnerability was found in screen causing a stack overflow, which results in crashing the screen server process. After running a malicious command inside screen, it will recursively call MScrollV to depth n/256. This is time consuming and will overflow the stack if 'n' is huge.

CVE assignment:
http://seclists.org/oss-sec/2015/q3/485

Upstream patch:
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c336a32a1dcd445e6b83827f83531d4c6414e2cd

Upstream report (contains reproducer):
https://savannah.gnu.org/bugs/?45713
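The recursion pattern described in the report above, modeled as an added example (this is not screen's source and not the upstream patch): a scroll count taken from untrusted terminal input costs one stack frame per 256 lines, while clamping the count to the region height first reaches the same screen state in a single call. The one-character rows, the sample screen and all function names are constructed for illustration.

```c
#include <string.h>

#define CHUNK 256                         /* chunk size from the report: depth is n/256 */
static const char SCREEN[] = "ABCDEFGH";  /* constructed sample: 8 rows, one char each */
static int max_depth;                     /* deepest recursion level reached */

/* Scroll rows ys..ye up by n, blanking the vacated rows. */
static void scroll_chunk(char *rows, int n, int ys, int ye) {
    int h = ye - ys + 1;
    if (n > h) n = h;
    memmove(rows + ys, rows + ys + n, (size_t)(h - n));
    memset(rows + ys + h - n, ' ', (size_t)n);
}

/* Pattern described in the report: one stack frame per 256 requested lines. */
static void scroll_recursive(char *rows, int n, int ys, int ye, int depth) {
    if (depth > max_depth) max_depth = depth;
    if (n > CHUNK) {
        scroll_recursive(rows, n - CHUNK, ys, ye, depth + 1);
        n = CHUNK;
    }
    scroll_chunk(rows, n, ys, ye);
}

/* Bounded alternative: clamp the untrusted count to the region height. */
static void scroll_clamped(char *rows, int n, int ys, int ye) {
    int h = ye - ys + 1;
    if (n <= 0 || h <= 0) return;
    scroll_chunk(rows, n > h ? h : n, ys, ye);
}

/* Stack frames used by the recursive form for a scroll count of n. */
int recursive_depth(int n) {
    char rows[sizeof SCREEN];
    memcpy(rows, SCREEN, sizeof SCREEN);
    max_depth = 0;
    scroll_recursive(rows, n, 1, 6, 1);
    return max_depth;
}

/* Returns 1 if both forms leave the screen in the same state for count n. */
int same_result(int n) {
    char a[sizeof SCREEN], b[sizeof SCREEN];
    memcpy(a, SCREEN, sizeof SCREEN);
    memcpy(b, SCREEN, sizeof SCREEN);
    scroll_recursive(a, n, 1, 6, 1);
    scroll_clamped(b, n, 1, 6);
    return memcmp(a, b, sizeof SCREEN) == 0;
}
```

In this model the recursion depth grows linearly with the requested count even though the region is only six rows high, which is why an unbounded count exhausts the stack.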
Created screen tracking bugs for this issue:

Affects: fedora-all [bug 1258806]
Shall I fix the screen bug or close it as WONTFIX too?

Why is this bug closed as WONTFIX?
(In reply to Petr Hracek from comment #3)
> Shall I fix the screen bug or close it as WONTFIX too?
>
> Why is this bug closed as WONTFIX?

This issue is not planned to be fixed in RHEL due to Low security impact.